Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

"NAT Aware" SIP trunk in Call Manager 8.5

I currently have CM8.5 running with a SIP provider trunk out to the internet.  It is running via CUBE that is on a DMZ.  The firewall is an ASA and it is doing SIP inspection, so the payload is being NAT'd along with the ip headers.  We are replacing the ASA with another firewall that appearently does not do SIP inspection.  Is there a way in CM8.5 to setup a SIP trunk with the global IP address being used in the SIP payload instead of the internal address?

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Super Bronze

"NAT Aware" SIP trunk in Call Manager 8.5

Nope. CUCM is not supposed to be exposed to an untrusted network. CUBE can do it if you bypass the firewall and give the outside interface a public IPv4 directly. If you have sufficient CPU headroom, you could enable IOS zone-based firewalling to protect the router. If not, use an ACL to deny all traffic except to/from the ITSP SIP Proxy and established connections.

Please remember to rate helpful responses and identify helpful or correct answers.

3 REPLIES
VIP Super Bronze

"NAT Aware" SIP trunk in Call Manager 8.5

Nope. CUCM is not supposed to be exposed to an untrusted network. CUBE can do it if you bypass the firewall and give the outside interface a public IPv4 directly. If you have sufficient CPU headroom, you could enable IOS zone-based firewalling to protect the router. If not, use an ACL to deny all traffic except to/from the ITSP SIP Proxy and established connections.

Please remember to rate helpful responses and identify helpful or correct answers.

New Member

Re: "NAT Aware" SIP trunk in Call Manager 8.5

Thanks! Do you know if there is a configuration guide for CUBE setup that way?

Sent from Cisco Technical Support iPad App

VIP Super Bronze

Re: "NAT Aware" SIP trunk in Call Manager 8.5

I don't have a working example of this handy; however, I have seen it mentioned during Cisco Live presentations. The recordings are now free at ciscolive365.com. If no one else responds, you may want to poke around there.

Please remember to rate helpful responses and identify helpful or correct answers.

363
Views
5
Helpful
3
Replies
CreatePlease to create content